2022 年 8 月 – 傻瓜的日記

Bind9 DDNS Ubuntu 22.04

2022-10-082022-08-31 作者: Tim Ng

以下設定在DDNS的Server

apt install bind9

建立一個 ddns 帳號

tsig-keygen -a hmac-sha512 ddns >> /tmp/ddns.key
cat /tmp/ddns.key

key "ddns" {
algorithm hmac-sha512;
secret "lTeWMnY036W3A/Sb775mbAG9QHNiaK+DoQbFyT7k7BDtt12eMIb9ldd0tticGZ2PoSyWnVvB2yR+7zVyBzge2w==";
};

將上面的key貼在下面的設定檔, named.yourddnsdomain.com必須已經預先設定好

vi /etc/bind/named.conf.default-zones
key "ddns" {
algorithm hmac-sha512;
secret "lTeWMnY036W3A/Sb775mbAG9QHNiaK+DoQbFyT7k7BDtt12eMIb9ldd0tticGZ2PoSyWnVvB2yR+7zVyBzge2w==";
};

zone “yourddnsdomain.com" IN {
type master;
file “/var/cache/bind/named.yourddnsdomain.com";
also-notify { xxx.xxx.xxx.xxx; };
update-policy { grant ddns name subdomain.yourddnsdomain.com. A; };
};

以下設定在DDNS的Client

apt install bind9

Copy剛才在Server產生的ddns.key到Client /root/ddns.key

vi /root/do-nsupdate

#!/bin/bash

updateServer=ns1.masterdns.com
updateDomain=subdomain.yourddnsdomain.com
encryptKeyPath="/root/ddns.key"
checkIPWeb="http://checkip.amazonaws.com/"

CURRENT_IP=$(nslookup $updateDomain $updateServer| grep Address | grep -v “#53")
CURRENT_IP=$(echo ${CURRENT_IP:9})

EXT_IP=$(curl $checkIPWeb)

if [ $CURRENT_IP != $EXT_IP ]; then
KEY=$encryptKeyPath

cat <<EOF | nsupdate -k “$KEY"
server $updateServer
update delete $updateDomain. A
update add $updateDomain. 3600 A $EXT_IP
send
EOF
fi

chmod 755 /root/do-nsupdate

vi /etc/crontab

*/5 * * * * root /root/do-nsupdate

Paloalto DNS Sinkhole

2022-10-092022-08-24 作者: Tim Ng

使用DNS sinkhole將已知有問題的Domain更換Lookback IP, 避免用戶不小心進入有害的網址

在Anti-Spyware新增一個Profile名為DNS-Sinkhole

在外出Internet的Rule裏使用剛才建立的DNS-Sinkhole profile

更新一下, 需要Download和Install

Click一下上圖綠圈, 在Release Notes裏看到下面的網址, 尋找一個已知有害的Domain測試一下

本文測試的是001060.com

GNS3 + Ubuntu

2022-10-092022-08-23 作者: Tim Ng

sudo add-apt-repository ppa:gns3/ppa
sudo apt update
sudo apt install gns3-gui gns3-server

sudo dpkg --add-architecture i386
sudo apt update
sudo apt install gns3-iou

wget http://www.ipvanquish.com/download/CiscoIOUKeygen3f.py
python3 CiscoIOUKeygen3f.py

https://docs.gns3.com/docs/getting-started/installation/linux/

How to generate Cisco IOURC licence key on GNS3 VM with Python 3

EVE-ng error

2022-10-132022-08-15 作者: Tim Ng

netio error: unable to open NETMAP: No such file or directory

touch /opt/unetlab/addons/iol/bin/NETMAP

And then try again in WebGUI

~~/opt/unetlab/data/Logs/unl_wrapper.txt~~

PRTG windows wmi permission

2022-10-092022-08-12 作者: Tim Ng

Add user to below group

Get-WmiObject -Namespace "root\cimv2" -Class Win32_LogicalDisk -ComputerName REMOTE_HOST -Credential DOMAIN\User

Sophos firewall XG nat 即時生效

2022-10-092022-08-11 作者: Tim Ng

剛測試的時候, 覺得Sophos為什麼NAT的設定好像有問題, 原來是要重設session才能生效

conntrack -D

conntrack -D -s {source pc ip}

SQL Backup with email alert

2022-10-092022-08-10 作者: Tim Ng

在左邊Toolbox -> Maintenance Plan Tasks尋找Back Up Database Task, 然後Drop it到右邊窗格

Double Click Back Up Database Task, 以下備份設定, 請根據需要修改和設定

Toolbox -> Maintenance Plan Tasks -> Shrink Database Task

Toolbox -> Maintenance Plan Tasks -> Rebuild Index Task

Toolbox -> Maintenance Plan Tasks -> Maintenance Cleanup Task

Toolbox -> Maintenance Plan Tasks -> Notify Operator Task

最後設定Schedule

記得要Save

MailCleaner OVA default password

2022-10-092022-08-01 作者: Tim Ng

MailCleaner預設的密碼這這個
root
MCPassw0rd

不過Console的keymap不同, 我是用US Keyboard, 等於輸入以下密碼
root
:CPqssz)rd

Default IP
192.168.1.101